CVE-2008-2942 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2942
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2942

Description: Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43551 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html SAID Secunia Advisory: SA31108 Secunia Advisory: SA31110 MLIST http://www.openwall.com/lists/oss-security/2008/06/30/1 http://www.openwall.com/lists/oss-security/2008/07/01/1 GENTOO http://security.gentoo.org/glsa/glsa-200807-09.xml CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0211 http://www.selenic.com/hg/rev/87c704ac92d4 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/493881/100/0/threaded BID 30072

Return to the previous page.